Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Product Tips & Reviews
Daily Downloads
Windows Vista
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: Software BugsHackers

Patch Posted for Apache Hole

Workaround, update available for 'high risk' security flaw in widely-used Web server.

Matt Berger, IDG News Service

Friday, August 16, 2002 4:00 PM PDT
Recommend this story?
Yes
No

A flaw has been discovered in the newest version of the Apache Web server that could allow an attacker to take control of a user's system, prompting the release Friday of an upgrade to the software.

PivX Solutions, a network security consultancy in Newport Beach, California, disclosed the vulnerability Friday soon after an upgrade to Apache Version 2.0 that fixes the hole was posted. The hole could let an attacker remotely access all the files on an Apache 2.0 Web server, execute them, pass malicious code, and even shut down the system completely, said Geoff Shively, who goes by the title "chief hacking officer" at PivX Solutions.

"This is the same type of vulnerability that made Code Red, Code Blue, and Nimda possible," Shively said. "If someone wanted to make a worm for this it would take the same route."

PivX Solutions has released a basic workaround that will disable the problem, the company said. In addition, the Apache Software Foundation has made available a new version of the software that plugs the hole. Both the workaround and the upgrade are available from the Apache site.

Updates Urged

The vulnerability affects Apache systems running on all versions of Windows as well as OS/2 and NetWare, according to PivX. The Apache Software Foundation added that it affects all default installations of the Apache Web server. Unix and other variant platforms appear unaffected, according to Apache.

It is considered high risk, and users are urged to immediately install version 2.0.40 of the Apache Web server or implement the workaround.

"Some people have been using this attack," Shively said. "There have been some systems affected that we're somewhat aware of."

The firm discovered the flaw on August 3 and four days later began working with the Apache Software Foundation on a fix.

"We waited until today to release the advisory so Apache could make the fix," Shively said.

PivX Solutions also disclosed a second vulnerability in Apache 2.0 Friday, though it was deemed low risk. The second flaw can be used to gather information about an individual Apache Web server, such as who owns it, what operating system it is running on, names of files stored on the server, where it is physically located, as well as other info that would normally be held private, Shively said. The 2.0.40 upgrade also fixes this low-risk flaw, according to Apache.


Recommend this story?
Yes
No
Related Searches: apachepatchholesecurityprivx
Related Content
Latest News
Apple's IPhone May Face Uphill Battle in Some Regions
The iPhone's reach expanded again Friday, with Orange announcing plans to sell the phone in Europe, the Middle East and... 16-May-2008
Seeing Is Believing With High-definition Train Simulator
A new train simulator codeveloped by Fujitsu offers unparalleled realism thanks to high-definition video shot on actual train... 16-May-2008
Samsung to Unveil 'Blue Phase' 240Hz LCD Panel
Samsung Electronics will unveil this weekend the first prototype of a new LCD (liquid crystal display) technology that won't... 16-May-2008
Panasonic's Car Navi Reaches Home While Away From Home
With all the time spent on the road, most drivers consider their cars to be their second homes. Reaching their primary home... 16-May-2008
Hearts Turn to Rainbows in Quake's Wake
Internet users in China have begun expressing solidarity with the victims of Monday's earthquake via their instant messaging... 15-May-2008
Sony Names New Head of Worldwide Games Studios
Sony has promoted a senior executive at its U.S. games studio to lead its global studios, it said Friday. 15-May-2008
Fujitsu Tackles E-paper's Slow Screen Speed
Fujitsu has developed a prototype electronic paper screen that tackles one of the technology's biggest weaknesses: the amount... 15-May-2008
Windows Coming on Dual-boot OLPC
The One Laptop Per Child Project and Microsoft plan to make both Windows and Linux available on a version of the project's XO... 15-May-2008
Yahoo Tells Icahn That Its Own Board Knows Best
Yahoo has responded to investor Carl Icahn's threat to take control of Yahoo's board and force it back to the negotiating... 15-May-2008
Does Icahn Have a Backup Plan?
Billionaire investor Carl Icahn's proxy fight for Yahoo is aimed at reigniting merger talks between the Internet company and... 15-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)